Re: Error reaching https site on port 8443

Hi,

Sorry, I'm a little lost here: you say that when you applied that ACL you don't have access from inside to outside. Did you issue the command clear xlate? If possible, can you post your config here, or send it directly to me if you like (please remember to change real IPs and passwords). E-mail: jmia@ohgroup.co.uk

Re: Error reaching https site on port 8443

Hi,

The procedure for changing the inside access-list to permit additional users access is as follows.

Open up a notepad session and also telnet into the PIX.

Show the configuration on the PIX and copy all the inside access-list lines (which I presume is access-list outbound-nat) into notepad. At the start of the text in notepad add an additional line stating no access-list inside, in your case no access-list outbound-nat.

It should end up looking something like this:

no access-list outbound-nat
access-list outbound-nat deny ip any host a.b.c.7
access-list outbound-nat deny ip any host a.b.c.7
access-list outbound-nat deny ip any host a.b.c.7
access-list outbound-nat deny ip any host a.b.c.7
access-list outbound-nat permit ip any any
access-group outbound-nat in interface inside

Add the additional ACL entry you require (access-list outbound-nat permit tcp any any eq 8443) at the start, directly below the no access-list outbound-nat line. If you need to take any ACL entries out, simply delete the appropriate line from the text.

Back at the telnet screen, make sure you're in configuration mode, paste the modified text back into the PIX, issue the write memory command and then issue the command clear xlate.

The way this works is that when the no access-list outbound-nat command is issued, the entire list and the interface statements (if any are applied) are removed. Modifying the text in notepad and pasting it back ensures that the list is in the correct order, as the list is parsed start to finish, BUT if a match is made, access-list processing stops. Therefore, if you simply stick new entries at the end of the list they will be ignored, because of the catch-all access-list outbound-nat permit ip any any at the end of the list.
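The rebuild-and-paste step and the first-match rule explained above, worked through in a small script. This is an added example, not code from the thread or from Cisco: it assumes PIX 6.x-style "access-list NAME {permit|deny} PROTO SRC DST [eq PORT]" lines and the "no access-list NAME" behaviour the post describes, and the sample configuration, the host "a.b.c.7" and the client address "x.y.z.1" are constructed placeholders. It goes one step beyond the post with a before_last option that inserts the new entry just above the catch-all instead of at the top, which keeps the existing deny entries effective for the new port.

```python
"""Rebuild a PIX access-list for paste-back and check first-match ordering.

Added example; not the thread's or Cisco's code. Assumes PIX 6.x ACL syntax
and the 'no access-list NAME' removal behaviour described in the post.
"""
import re

# Constructed sample of 'show config' output (addresses are placeholders).
SAMPLE_CONFIG = """\
nameif ethernet1 inside security100
access-list outbound-nat deny ip any host a.b.c.7
access-list outbound-nat permit ip any any
access-group outbound-nat in interface inside
"""

# One access-list entry: name, action, protocol, source, destination, optional port.
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host \S+)\s+(?P<dst>any|host \S+)(?:\s+eq\s+(?P<port>\d+))?\s*$"
)


def extract_acl(config_text, name):
    """Return the access-list and access-group lines for NAME, in config order."""
    wanted = (f"access-list {name} ", f"access-group {name} ")
    return [ln.strip() for ln in config_text.splitlines() if ln.strip().startswith(wanted)]


def build_paste_text(config_text, name, new_entries, before_last=False):
    """Build the text to paste back into config mode.

    Line 1 is 'no access-list NAME' (removes the whole list and its
    access-group binding), followed by the rebuilt list. By default the new
    entries go at the top, as the post says; with before_last=True they are
    placed just above the final access-list entry (the catch-all permit), so
    earlier deny entries still apply to the new port.
    """
    old = extract_acl(config_text, name)
    aces = [ln for ln in old if ln.startswith("access-list ")]
    groups = [ln for ln in old if ln.startswith("access-group ")]
    if before_last and aces:
        rebuilt = aces[:-1] + list(new_entries) + aces[-1:]
    else:
        rebuilt = list(new_entries) + aces
    return "\n".join([f"no access-list {name}", *rebuilt, *groups]) + "\n"


def parse_ace(line):
    """Parse one access-list line into a dict, or None for non-ACE lines."""
    m = ACE_RE.match(line)
    if not m:
        return None
    ace = m.groupdict()
    ace["port"] = int(ace["port"]) if ace["port"] else None
    return ace


def lookup(acl_lines, proto, dst, port=None):
    """Evaluate the list the way the PIX does: top to bottom, stop at the
    first matching entry. Returns (index, action) or None if nothing matched."""
    for idx, line in enumerate(acl_lines):
        ace = parse_ace(line)
        if ace is None:                       # access-group or unrelated line
            continue
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["dst"] != "any" and ace["dst"] != f"host {dst}":
            continue
        if ace["port"] is not None and ace["port"] != port:
            continue
        return idx, ace["action"]
    return None


if __name__ == "__main__":
    new = ["access-list outbound-nat permit tcp any any eq 8443"]
    # Appending after the catch-all: the new entry is never reached.
    appended = extract_acl(SAMPLE_CONFIG, "outbound-nat") + new
    print("appended  :", lookup(appended, "tcp", "x.y.z.1", 8443))
    # Rebuilt with the entry at the top, as the post describes.
    top = build_paste_text(SAMPLE_CONFIG, "outbound-nat", new)
    print(top)
    print("top       :", lookup(top.splitlines()[1:], "tcp", "x.y.z.1", 8443))
    # Rebuilt above the catch-all: the deny for a.b.c.7 still wins.
    safe = build_paste_text(SAMPLE_CONFIG, "outbound-nat", new, before_last=True)
    print("before_last, denied host:", lookup(safe.splitlines()[1:], "tcp", "a.b.c.7", 8443))
```

Paste the output of build_paste_text into configuration mode exactly as the post says (then write memory and clear xlate); the lookup function only models the first-match rule so you can see, before pasting, which entry a given flow will hit.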
